
FIX : in salary stats and payment list, we must check right perms as well as salary list

Gauthier PC portable 024 3 years ago
parent
commit
2256f8811d

+ 10 - 10
htdocs/salaries/class/salariesstats.class.php

@@ -23,7 +23,7 @@
  *  \brief      Fichier de la classe de gestion des stats des salaires
  */
 include_once DOL_DOCUMENT_ROOT.'/core/class/stats.class.php';
-include_once DOL_DOCUMENT_ROOT.'/salaries/class/paymentsalary.class.php';
+include_once DOL_DOCUMENT_ROOT.'/salaries/class/salary.class.php';
 
 /**
  *	Classe permettant la gestion des stats des salaires
@@ -58,7 +58,7 @@ class SalariesStats extends Stats
 		$this->socid = $socid;
 		$this->userid = $userid;
 
-		$object = new PaymentSalary($this->db);
+		$object = new Salary($this->db);
 		$this->from = MAIN_DB_PREFIX.$object->table_element;
 		$this->field = 'amount';
 
@@ -81,7 +81,7 @@ class SalariesStats extends Stats
 	 */
 	public function getNbByYear()
 	{
-		$sql = "SELECT YEAR(datep) as dm, count(*)";
+		$sql = "SELECT YEAR(dateep) as dm, count(*)";
 		$sql .= " FROM ".$this->from;
 		$sql .= " WHERE ".$this->where;
 		$sql .= " GROUP BY dm DESC";
@@ -99,9 +99,9 @@ class SalariesStats extends Stats
 	 */
 	public function getNbByMonth($year, $format = 0)
 	{
-		$sql = "SELECT MONTH(datep) as dm, count(*)";
+		$sql = "SELECT MONTH(dateep) as dm, count(*)";
 		$sql .= " FROM ".$this->from;
-		$sql .= " WHERE YEAR(datep) = ".((int) $year);
+		$sql .= " WHERE YEAR(dateep) = ".((int) $year);
 		$sql .= " AND ".$this->where;
 		$sql .= " GROUP BY dm";
 		$sql .= $this->db->order('dm', 'DESC');
@@ -121,9 +121,9 @@ class SalariesStats extends Stats
 	 */
 	public function getAmountByMonth($year, $format = 0)
 	{
-		$sql = "SELECT date_format(datep,'%m') as dm, sum(".$this->field.")";
+		$sql = "SELECT date_format(dateep,'%m') as dm, sum(".$this->field.")";
 		$sql .= " FROM ".$this->from;
-		$sql .= " WHERE date_format(datep,'%Y') = '".$this->db->escape($year)."'";
+		$sql .= " WHERE date_format(dateep,'%Y') = '".$this->db->escape($year)."'";
 		$sql .= " AND ".$this->where;
 		$sql .= " GROUP BY dm";
 		$sql .= $this->db->order('dm', 'DESC');
@@ -141,9 +141,9 @@ class SalariesStats extends Stats
 	 */
 	public function getAverageByMonth($year)
 	{
-		$sql = "SELECT date_format(datep,'%m') as dm, avg(".$this->field.")";
+		$sql = "SELECT date_format(dateep,'%m') as dm, avg(".$this->field.")";
 		$sql .= " FROM ".$this->from;
-		$sql .= " WHERE date_format(datep,'%Y') = '".$this->db->escape($year)."'";
+		$sql .= " WHERE date_format(dateep,'%Y') = '".$this->db->escape($year)."'";
 		$sql .= " AND ".$this->where;
 		$sql .= " GROUP BY dm";
 		$sql .= $this->db->order('dm', 'DESC');
@@ -158,7 +158,7 @@ class SalariesStats extends Stats
 	 */
 	public function getAllByYear()
 	{
-		$sql = "SELECT date_format(datep,'%Y') as year, count(*) as nb, sum(".$this->field.") as total, avg(".$this->field.") as avg";
+		$sql = "SELECT date_format(dateep,'%Y') as year, count(*) as nb, sum(".$this->field.") as total, avg(".$this->field.") as avg";
 		$sql .= " FROM ".$this->from;
 		$sql .= " WHERE ".$this->where;
 		$sql .= " GROUP BY year";
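Review bot: In getAmountByMonth() and getAverageByMonth() the rewritten WHERE lines still place `$year` in the query as a quoted, escaped string, while getNbByMonth() in the same file casts it with `((int) $year)`. The escaped form is only safe while the surrounding quotes stay in place; the cast cannot be undone by a later edit and matches the sibling method, e.g. `$sql .= " WHERE date_format(dateep,'%Y') = '".((int) $year)."'";`. Separately, getNbByYear() keeps `GROUP BY dm DESC`, which recent MySQL 8.0 releases reject, whereas the other methods already use `$this->db->order('dm', 'DESC')`. All of these method bodies continue outside the hunks shown, so how `$this->where` is built is not visible here.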

+ 1 - 1
htdocs/salaries/payments.php

@@ -234,7 +234,7 @@ $sql .= " ".MAIN_DB_PREFIX."user as u";
 $sql .= " WHERE u.rowid = sal.fk_user";
 $sql .= " AND s.entity IN (".getEntity('payment_salaries').")";
 if (empty($user->rights->salaries->readall)) {
-	$sql .= " AND s.fk_user IN (".$db->sanitize(join(',', $childids)).")";
+	$sql .= " AND sal.fk_user IN (".$db->sanitize(join(',', $childids)).")";
 }
 
 // Search criteria
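Review bot: The `sal.fk_user IN (...)` line is the access-control filter for users without `readall`, yet nothing marks it as such, which is how the wrong alias went unnoticed. A comment above the `if`, such as `// Access control: without readall, only salaries of the current user and subordinates are listed`, would make the intent explicit. `$childids` is assigned outside this hunk; if it can ever be empty, the clause becomes `IN ()` and the query fails, so it is worth confirming that it always holds at least the current user's id. The FROM and JOIN clauses that define `s` and `sal` are also outside the hunk.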

+ 5 - 1
htdocs/salaries/stats/index.php

@@ -74,6 +74,10 @@ dol_mkdir($dir);
 
 $useridtofilter = $userid; // Filter from parameters
 
+if (empty($user->rights->salaries->readall) && empty($useridtofilter)) {
+	$useridtofilter = $user->getAllChildIds(1);
+}
+
 $stats = new SalariesStats($db, $socid, $useridtofilter);
 
 
@@ -204,7 +208,7 @@ print '<tr class="liste_titre"><td class="liste_titre" colspan="2">'.$langs->tra
 // User
 print '<tr><td>'.$langs->trans("Employee").'</td><td>';
 print img_picto('', 'user', 'class="pictofixedwidth"');
-print $form->select_dolusers(($userid ? $userid : -1), 'userid', 1, '', 0, '', '', 0, 0, 0, '', 0, '', 'widthcentpercentminusx maxwidth300');
+print $form->select_dolusers(($userid ? $userid : -1), 'userid', 1, '', 0, empty($user->rights->salaries->readall) ? 'hierarchyme' : '', '', 0, 0, 0, '', 0, '', 'widthcentpercentminusx maxwidth300');
 print '</td></tr>';
 // Year
 print '<tr><td>'.$langs->trans("Year").'</td><td>';
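Review bot: The new guard in the first hunk only narrows the filter when `$useridtofilter` is empty, so a user without `readall` who sends a non-empty `userid` parameter appears to get statistics for that id without any check that it belongs to their hierarchy. The `'hierarchyme'` argument added to `select_dolusers()` in the second hunk limits only what the form offers, not what the server accepts. Unless `$userid` is validated earlier (its assignment is outside the hunk), the condition should also cover ids outside the hierarchy, e.g. `if (empty($user->rights->salaries->readall) && (empty($useridtofilter) || !in_array($useridtofilter, $user->getAllChildIds(1)))) {`. This change also passes an array as the third argument to `SalariesStats`, whose constructor is only partly visible, so confirm that it builds an `IN (...)` clause for array input.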